Apache Tomcat likes with default settings to listen to requests on 8080 and 8443 ports but it is more enjoyable to use the more common 80 and 443 ports for HTTP and HTTPS traffic. This way the user don’t have to put those pesky port numbers after the address. Of course you could just tell Tomcat to listen to those ports but it has some negative sides: hassle with the startup and running Tomcat as root.

Luckily it is easy to tell the system to redirect the traffic from some port to other. Just define some new xinetd services in /etc/xinetd.d/tomcat.

Xinetd puts a connection limit per source IP, by default and this causes the service to become unresponsive when there are dozens of queries a second. You see the following kind of line in your messages log file: “xinetd[2049]: FAIL: tomcat-https per_source_limit from=123.456.789.123”. To correct this, uncomment the per_source and instances lines in your xinet.d file and restart it.

If you are using this redirection of all traffic to HTTPS with JIRA and want to attachments working also with Internet Explorer then you must add the following to your jira.xml (f. ex. /opt/tomcat/conf/Catalina/localhost/jira.xml). This is a Internet Explorer bug, for more information see http://jira.atlassian.com/browse/JRA-8179.

A simple tip for keeping up with the time in Xen when your domU isn’t syncing the clock frequently enough and your clock is whatever. Of course you can sync your clock with ntpdate but first you need to set the domain (domU) to run its wallclock independently from Xen.

Simply say in the command line of domU:echo 1 > /proc/sys/xen/independent_wallclock

Or if you have noclobber on:echo 1 >! /proc/sys/xen/independent_wallclock

And to keep the setting between reboots, just add it to the /etc/sysctl.conf:xen.independent_wallclock = 1

Although, it is better if the Xen dom0 syncs the clock frequently so all the domains (domU) don’t need to do it by themselves and thus wasting resources. Why do things multiple times when it could be done just once.

Samba is a nice service to provide storage space through networks and it is relatively easy to set up. It’s not as fast as using NFS between Linux hosts but sometimes you don’t have that possibility. Sometimes there also might be quite confusing problems like I happened to notice.

My Samba service had worked fine for a long time but after a kernel update and a reboot, the performance was horrible. It was really slow to do anything. Fortunately I wasn’t the only one to come by with this problem and there was a topic Samba Performance Problem Due to Changing Linux Kernel in Samba Performance Tuning -guide which provided a solution to my problem. Just restarted the network interface and the performance was as good as before.

The Protocol Freedom Information Foundation (PFIF), signed an agreement with Microsoft to receive the protocol documentation needed to fully interoperate with the Microsoft Windows workgroup server products and to make them available to Free Software projects such as Samba.

Microsoft was required to make this information available to competitors as part of the European Commission March 24th 2004 Decision in the antitrust lawsuit, after losing their appeal against that decision on September 17th 2007.
– Samba Team

While testing the upcoming WordPress 2.3 I noticed that I had a problem with he localization. Defining the language with WPLANG had no effects and all the text were in English as they should have been in Finnish. I installed another instance of WordPress 2.2.3 and the problem was still there. Somewhat confusing because I had a working WordPress instance with the same PHP-version (php-5.2.4_pre200708051230-r2). The only difference was that the other box was 32-bit system and the other 64-bit. Although at that time I didn’t know what to look for.

After some googling I found a Spanish-blog which explained the “bug” and provided a solution. Unfortunately I don’t speak Spanish but the solution was clear with pieces of code to show the way. After I knew what to look for I found some discussions about this topic on WordPress Trac and an entry 2 weeks ago with a patch gettext-64-without-bitwise-ops.diff seems to get the thing fixed.

The problem is in the PHP-gettext which is used for translating strings. The file is located at wp-includes/gettext.php and in that file the problem is created by fixing a bug in PHP 5.0.2 on 64-bit systems. The counterfix is luckily an easy one and you just have to remove some bitwise operators.

After updating to expat-2.0.1, it tells you to run revdep-rebuild -X --library=libexpat.so.0 but even after that apache2 couldn’t be started. It says that /usr/sbin/apache2 can’t find shared library libexpat.so.0. After some googling I found a message in Google Groups which deals with the problem.

The problem is that /usr/lib/libaprutil-0.so.0.9.12 which belongs to apr-util is still broken. But how can that be broken when you just ran the revdep-rebuild which should have fixed the problem. The reason is that by executing eix apr-util, you see that there are two versions of apr-util installed.

After re-emergeing the apr-util-0.9.12-r1, apache2 starts normally.

The problem is actually caused by the “-X” option of revdep-rebuild command, which emerges the best (currrently is the latest stable) packages available. In this apr-util case, it will emerge apr-util-1.2.8.

This article might be a bit outdated on some parts but just Google if problems arise.

SNMP and MRTG graphs

Statistics and graphs are nice way to follow what the machine is doing. Just a little bit of configuration and scripts you can use f. ex. servers’, routers’ and firewalls’ operational statistical data from their Object Identifiers (OID) with the help of Simple Network Management Protocol (SNMP) and Management Information Base (MIB) which define the available OID functions.

MRTG ja RRDtool

MRTG can log data with RRDtool which is better than the default log format. Just use the “LogFormat: rrdtool” line and you’re done. There is more information about RRDtool and MRTG on Oetiker’s site.

mrtg-rrd

“The mrtg-rrd.cgi is a CGI/FastCGI script for displaying MRTG graphs from data in the RRDtool format. It can make your monitoring system faster because MRTG does not have to generate all the PNG files with graphs every 5 minutes or so. Instead of this the graphs are generated on-demand when the user wants to see them.” http://www.fi.muni.cz/~kas/mrtg-rrd/

To use Mrtg-rrd.cgi just download it from the link above and place it on Apache’s cgi-bin -directory.

The whole thing is documented on those pages so check them out and get some nice statistics. The difference between Joel’s and Craig’s scripts is that with Joel’s script you can also draw graphs of rejected mails.

Normally putting up a web server with PHP and database is easy and the default settings are enough but sometimes there is need for tuning the performance. The server might be low on memory and the CPU and has (too) many things to handle. Also it is good to know how things work.

More practical example is on Disruptive Library Technology Jester -blog which writes about WordPress/MySQL Tuning on a Pentium III with 512M RAM box which runs a mail server (IMAP, ClamScan, Spam) and an Apache (WordPress and stuff).

IMPORTANT NOTES:
* This version of syslog-ng fixes a bug in enforcing the max-connections() limit for various stream-like sources (unix-stream and tcp). Previously this limit was not enforced, thus production environments may use an inadequate value. Validate your max-connection() settings before upgrading and check your logs for rejected connections.

In short, just change one line in /etc/syslog-ng/syslog-ng.conf to match with:source src { unix-stream("/dev/log" max-connections(20)); internal(); pipe("/proc/kmsg"); };

Earlier this year there was some problems updating packages and I used package.mask to get over it. There is also a better way to handle this so that the package is not updated until it’s really needed.

Jesse Adelman wrote into gentoo-user to ask how to be able to do an emerge -uDN world, but have portage not update one package. Jesse had a version of MythTV that had been removed from the tree that he wished to keep. However, the version in the tree was between a newer and older version, thus causing portage to want to downgrade if he simply put the newer version in package.mask.

Vikas Kumar suggested the often forgotten /etc/portage/profile/package.provided. A package placed in this file will not be updated unless another package necessarily depends on a newer version. Developer Zac Medico suggested to instead simply mask the package versions that are both higher and lower than the version Jesse wanted to keep, which is the best solution.

Using package.provided seems to be a nice solution but everything goes.

The first post of a blog is always more or less about “Hello World!” and “Look at our new and shiny blog”. This time this “Hello World!” post is about “The Rule of Tech” which means everything and nothing.

As thousands and thousands of other meaningless blogs also “The Rule of Tech” blog has no real function about giving something special or informative to the blogging community or the Web altogether. Just another blog in the blogosphere. This is a good starting point for a blogger: no stress about writing something usefull, just type post after post without thinking about the content.

The blog has some general topics about technology, computers and the Internet but at this time those are just the starting point. We will see how this blog turns out and what are it’s main points in the universe of random bits. The posts may be about technology, linux, programming, bits and bytes, computers, rants and everything between this and that.